zama-ai / bounty-program Goto Github PK

Bounty type

Reward

Up to €500 per tutorial

Submission

Apply directly to this bounty by opening an application here.

Questions?

Do you have a specific question about this bounty? Join the live conversation on the FHE.org discord server here. You can also send us an email at: [email protected]

Develop a DNA encryption and analysis library inspired by BioPython with TFHE

DNA Encryption and Analysis with TFHE

Category: Application
Overview: This project aims to demonstrate the use of Zama Concrete library for FHE in bioinformatics, with an emphasis on DNA sequence encryption and analysis. The project will focus on creating simple BioPython DNA functions with FHE, conducting basic DNA analysis and treatment with FHE, and discussing the potential for implementing alignment algorithms with FHE. The project's ultimate goal is to produce tooling that could serve as a foundation for a future "concrete-biopython" TFHE-enabled BioPython library, while showcasing the potential of encrypted genomic data analysis while ensuring data privacy.
Reward: 10,000€ (splitted per component)
Related links and reference::

Description:

DNA Encryption and Analysis with Privacy-Preserving FHE Encryption using Zama Concrete Library

Summary:

The primary objectives include implementing simple BioPython DNA functions with FHE, conducting basic DNA analysis and treatment, and creating alignment algorithms starting from Smith-Waterman and suggestions for BWA implementation. The final goal is to contribute towards creating a TFHE-enabled BioPython library, which offers an extensive set of tools for encrypted genomic data analysis.

Milestones:

1. Simple BioPython DNA functions converted for TFHE

Time estimation: 5-7 days
Reward: 3,000€
Tasks:
- Identify simple BioPython DNA functions such as reverse complement, transcription, and translation.
- Adapt these functions to work with FHE using the Concrete library.
- Package these functions in a library-like format for easy reuse.
Deliverables: A library of FHE-enabled BioPython DNA functions, along with a notebook demonstrating their use and performance.

2. DNA Analysis & Treatment

Time estimation: 5-7 days
Reward: 3,000€
Tasks:
- Implement basic DNA analysis functions such as Hamming distance calculation, sequence sorting, and origin of replication analysis.
- Encrypt these functions using the Concrete library to ensure privacy-preserving analysis.
Deliverables: A notebook showcasing the implementation and performance of the FHE-enabled DNA analysis functions.

3. Alignment Algorithms

Time estimation: 5-7 days
Reward: 3,000€
Tasks:
- Implement the Smith-Waterman alignment algorithm for sequence alignment.
- Discuss potential approaches for BWA algorithm and other advanced alignment algorithms with FHE. !! implementation is not in the scope as many challenges are expected.
Deliverables: A notebook detailing the implementation of the Smith-Waterman alignment algorithm with FHE, along with a discussion on potential approaches for adapting the BWA algorithm with FHE.

4. Documentation and Tutorial

Time estimation: 2-4 days
Reward: 1,000€
Tasks:
- Provide a summary of all issues encountered with Concrete for improvement and potential path forward for concrete-biopython.
- Create a comprehensive jupyter notebook detailing the project, methodologies, techniques, and results.
- Provide clear explanations and code samples for developers to follow as a tutorial.
Deliverables: A jupyter notebook, including code snippets and visualizations, illustrating the application of FHE encryption using Concrete for DNA sequence analysis.

Create a FHE ECDSA signature tutorial

Zama Bounty Program Application

Bounty Github Link: #45

Github username: yagizsenal

About you: Hello, I previously completed Dark Market bounty, now I would like to work on this bounty.

Terms and conditions

If your contribution is accepted, we need you to read and sign our Terms and Conditions below to get rewarded:

Randomized Testing of Concrete Compiler

Zama Bounty Program: Proposition

Bounty name: Randomized Testing of Concrete Compiler
Bounty type: major_bounty
Category: Engineering/Research
Overview: I propose a rewrite of the compiler tests in randomized testing style as a significant contribution to Concrete compiler
Library targeted: Concrete
Reward: €50.000

Description:

Introduction

Compiler correctness is one of the grand challenges of computer science[1]. One approach to correctness is formal verification, yet creation and maintenance of formally verified software is still an active research problem. Another approach is to use random testing techniques such as Property-Based Testing and Fuzzing. These techniques are used to randomly generate and execute programs, effectively discover the input space much better than any human manually could. They have been used in a variety of different applications in different languages; today, all major mainstream programming languages host well-supported libraries for both fuzzing and property-based testing.

Property-Based Testing

Property-Based Testing(PBT) has emerged from Haskell's QuickCheck in 2000, and quickly popularized in many different languages over the years. Today, major projects like pandas, numpy, PyPy uses a Python library for PBT, Hypothesis, to test their programs[3][4].

Property-Based Testing allows for fine grained control over the generated data, expert users can create their own generators, push them into the parts of the input space they find interesting.

Fuzzing

Fuzzing, or Fuzz Testing, is a method for randomly discovering input space of programs, similar to PBT. Popularized by AFL(American Fuzzy Lop)[5], fuzzers have seen a plethora of interest in the last decade. They have been used in compiler testing [2], browser testing, operating system testing... They have been used to successfully discover bugs in virtually all types of software in any domain.

Concrete

Concrete is the TFHE compiler developed by Zama that converts Python programs into FHE equivalents. Right now, Concrete tests are developed as unit tests in the style of expected input-output pairs, or circuit/function equivalence is checked with statically provided inputs.

Proposal

I propose to gradually migrate concrete-python tests into the PBT style, with the possibility to later adopt fuzzing to enhance the effectiveness of testing.

Develop an FHE-based iris identification application tutorial with Concrete

Overview

Design an iris recognition biometric template protection schemes based on Homomorphic Encryption

Description

Biometric recognition is becoming a prominent way to authenticate users or verify their identities. As highlighted in the ISO/IEC 24745, it is important to protect biometric information for secrecy, irreversibility, and renewability during storage and transfer.
In this bounty you will need to design an FHE based remote authentication system that protects sensitive Iris information during storage and biometric comparison.
In its paper "Hybrid biometric template protection: Resolving the agony of choice between bloom filters and homomorphic encryption", the research team looked at three different approaches: Bloom filters, homomorphic encryption and hybrid biometric template protection (BTP). The team highlighted the advantages and disadvantages of each approach.

The bounty objective is to:

use Concrete to implement a single key TFHE-based BTP for an access control system
all reference templates are stored encrypted in a database on the server

The client:

collects the iris biometric (format should be the same as UBIRIS.v2 or CASIA)
extracts the feature vector
encrypt it
and send it to the server

Then the server:

perform the comparison against its database
send an encrypted matching ID back to client
a no match encrypted message is returned if no matching template is found

Performance:

Good comparison performance
Possibility to implement multi threading

Your PR should comply with the following:

Create the app frontends/concrete-python/examples/iris-identification/{client,server}.py
Create the tutorial docs/tutorial/iris-identification.{md,ipynb}

Library targeted

Concrete

Reward

Up to €5,000

Zama Bounty Program Application

Bounty Github Link: #46

Github username: AgeOfAlgorithms

About you: I am interested in Deep Learning and Cryptography for privacy, which brought me to this Bounty Program.

Terms and conditions

If your contribution is accepted, we need you to read and sign our Terms and Conditions below to get rewarded:

Create a FHE ECDSA signature tutorial

Zama Bounty Program Application

Bounty Github Link:
#45

Github username:
auqib92

About you:
Blockchain and Cryptography Research Scientist

Terms and conditions

If your contribution is accepted, we need you to read and sign our Terms and Conditions below to get rewarded:

Create an application "Play Chess" in FHE

Zama Bounty Program Application

Bounty Github Link:#46

Github username: BlueMinionn

About you: I came across Zama ai on Twitter and I am impressed by what you are trying to accomplish. I found out about the Bounty program on Twitter. I have recently finished high school and I took a gap year to pursue my interests. I have been self-teaching Machine learning for the past month. Since I started, I have been able to implement the bounty halfway and I am currently on track to having an MVP before the stipulated deadline.

Terms and conditions

If your contribution is accepted, we need you to read and sign our Terms and Conditions below to get rewarded:

Add bitwise shift operations

Winner

This bounty has been solved, see the entire solution here.

Overview

Support bitwise shift operations between encrypted integers in Concrete Numpy.

Description

Add support in Concrete Numpy for the following operations:

Bitwise Left Shift of encrypted integers from 1 up to 16-bits with other encrypted integers
Bitwise Right Shift of encrypted integers from 1 up to 16-bits with other encrypted integers

The encrypted shift operator should behave as the regular python shift operators.

Here is an example of the bitwise Left shift operation on 8-bit encrypted values by a 2-bit encrypted value:

import concrete.numpy as cnp
import numpy as np

configuration = cnp.Configuration(
    enable_unsafe_features=True,
    use_insecure_key_cache=True,
    insecure_key_cache_location=".keys",
)

@cnp.compiler({"x": "encrypted", "y": "encrypted"})
def f(x, y):
    return x << y

inputset = [(np.random.randint(0, 2 ** 8), np.random.randint(0, 2 ** 2)) for _ in range(100)]
circuit = f.compile(inputset, configuration, verbose=True)

assert circuit.encrypt_run_decrypt(0b_0010_1100, 2) == 0b_1011_0000

Here are some guidance to get you started:

Ignore candidate operations in fusing candidate search in concrete/numpy/compilation/utils.py
Disable generic table lookup asserts for candidate operations in concrete/numpy/mlir/graph_converter.py
Create a new converter for candidate operation in concrete/numpy/mlir/node_converter.py
Use the old implementation if one the inputs is a clear constant to preserve the old semantics
Implement new MLIR conversion logic (only existing MLIR operations must be used)

We expect your PR to comply with the following:

Create tests with 100% coverage (hint: make pytest runs without errors)
Make sure pcc checks are passing (hint: make pcc runs without errors)
And update documentation

Library targeted

Concrete-Numpy

Bounty type

Reward

Up to €3,500

Submission

Apply directly to this bounty by opening an application here.

Questions?

Do you have a specific question about this bounty? Join the live conversation on the FHE.org discord server here. You can also send us an email at: [email protected]

Implement programmable bootstrapping for 4-bit encrypted integers on FPGA

Overview

Implement a low-Latency, high-throughput Programmable Bootstrapping for LWE inputs encrypting 4-bit integers on FPGA.

Description

To fulfill this bounty, an implementation of a PBS with following parameters should be implemented on a target FPGA card.

The naming conventions used here are from the blog post and tfhe-rs.

Parameter	Name in tfhe-rs	Name in HW	Value
Coefficient Modulus q		`MOD_Q`	2⁶⁴
LWE Dimension n	`lwe_dimension`	`LWE_K`	630
GLWE Dimension k	`glwe_dimension`	`GLWE_K`	1
Polynomial Size N	`polynomial_size`	`DEG_N`	1024
PBS Decomposition Base Log	`pbs_base_log`	`PBS_B_W`	7
PBS Decomposition Level	`pbs_level`	`PBS_L`	3

Support for the keyswitching is not required.
The decomposition algorithm should follow the algorithm here.
The polynomial multiplication should be performed using either:

a double-precision floating-point FFT;
a fixed-point FFT with an error comparable to a double-precision floating-point FFT;
a 64-bit NTT by performing suitable modulo switching operations before the NTT and after the inverse NTT operations.

The radix of the FFT/NTT and the value of the 64-bit modulus for the NTT can be chosen freely.
For the implementation, the parameters should be named as listed in the "Name in HW" column in the table above.

We strongly encourage applicants to implement performance counters relevant to their implemented architecture.

Target FPGA

The choice of the FPGA is up to you but is limited to a single instance of following cards:

Xilinx Alveo U55C
Xilinx Alveo U250
AWS F1 (Xilinx VU9P)
Xilinx Versal VCK5000

The resulting accelerator should be made accessible, either through self-hosting, through an AWS AMI, or through an FPGA cloud solution (e.g. https://www.vmaccel.com/).

Validation

The reward of the bounty is based on the achieved throughput for the PBS operation on a batch of LWE ciphertexts using a single bootstrapping key, and does not include the initial loading of the bootstrapping key to on/off-chip memory.
More specifically, for the throughput the time is measured from the moment the host receives the first sample-extracted LWE ciphertext result until the last sample-extracted LWE ciphertext results.
For the latency the time is measured from the start of writing the LWE ciphertext/GLWE test polynomial pair to the accelerator until its resulting sample-extracted LWE ciphertext is returned to the host.

the latency of a single PBS should not exceed 20ms;
the minimal throughput should be 1,000 PBS/s

An applicant can propose an alternative parameter set if it would help them achieve a higher-throuput or latency.
We can check if a PBS on an LWE ciphertext of a 4-bit encryption is possible with the proposed parameter set, and if so, we will consider its implementation and performance as valid in deciding the reward.

We can provide help with functional validation of the accelerator outputs to applicants at the right stage of the program.

Submission

A valid submission contains the following:

documentation of the architecture, design choices, optimisations, performance measurement methodology, and performance results;
RTL code and test benches in a chosen HDL;
access to the working accelerator with code and instructions to launch the performance benchmarking.

Reward

The overall reward is scaled linearly based on throughput as follows:

1,000 PBS/s is rewarded with €10,000
5,000 PBS/s is rewarded with €25,000
10,000 PBS/s is rewarded with €50,000
50,000 PBS/s is rewarded with €75,000
100,000 PBS/s is rewarded with €100,000

Submission

Apply directly to this bounty by opening an application here.

Questions?

Do you have a specific question about this bounty? Join the live conversation on the FHE.org discord server here. You can also send us an email at: [email protected]

Create a SHA-256 tutorial

Zama Bounty Program Application

Bounty Github Link (See the full list of bounties here: Bounty_link
Your name or username: Dragan Pilipovic
Link to your Github account: github.com/dragan2234
Tell us more about yourself (and/or your team): Software engineer with 6+ years of experience interested in cryptography. I am working on the sha256 implementation using the TFHE-rs integer module.
Please provide as much relevant information as possible: How did you learn about the Zama Bounty Program? Is it your first contribution to a Bounty Program? Or any other relevant information:
I've learned about Zama Bounty Program through the OnlyDust company which is supporting open-source developers. This is my first contribution to a Bounty Program.

Terms and conditions

If your contribution is accepted, we need you to read and sign our Terms and Conditions below to get rewarded:

Add bitwise operations

Winner

This bounty has been solved, see the entire solution here.

Overview

Support bitwise operations between encrypted integers in Concrete Numpy.

Description

Add support in Concrete Numpy for the following operations:

Bitwise AND between encrypted integers from 1 up to 16-bits
Bitwise OR between encrypted integers from 1 up to 16-bits
Bitwise NOT of encrypted integers from 1 up to 16-bits
Bitwise XOR of encrypted integers from 1 up to 16-bits

Here is an example of the bitwise AND operation on 8-bits encrypted values:

import concrete.numpy as cnp
import numpy as np

configuration = cnp.Configuration(
    enable_unsafe_features=True,
    use_insecure_key_cache=True,
    insecure_key_cache_location=".keys",
)

@cnp.compiler({"x": "encrypted", "y": "encrypted"})
def f(x, y):
    return x & y

inputset = [(np.random.randint(0, 2 ** 8), np.random.randint(0, 2 ** 8)) for _ in range(100)]
circuit = f.compile(inputset, configuration, verbose=True)

assert circuit.encrypt_run_decrypt(0b_0010_1100, 0b_0110_0100) == 0b_0010_0100

Here are some guidance to get you started:

Ignore bitwise operations in fusing candidate search in concrete/numpy/compilation/utils.py
Disable asserts for bitwise operations in concrete/numpy/mlir/graph_converter.py
Create a new converter in concrete/numpy/mlir/node_converter.py
Use the old implementation if one the inputs is a clear constant to preserve the old semantics
Implement new MLIR conversion logic (only existing MLIR operations must be used)

We expect your PR to comply with the following:

Create tests with 100% coverage (hint: make pytest runs without errors)
Make sure pcc checks are passing (hint: make pcc runs without errors)
And update documentation

Library targeted

Concrete-Numpy

Bounty type

Reward

Up to €2,500

Submission

Apply directly to this bounty by opening an application here.

Questions?

Do you have a specific question about this bounty? Join the live conversation on the FHE.org discord server here. You can also send us an email at: [email protected]

Improve single-threaded TFHE Programmable Bootstrapping latency

Overview

Improve the efficiency of programmable bootstrapping in TFHE, for LWE inputs encrypting 4-bit integers, at least of a 10x factor, on a given machine.

Description

Implement a new variant of programmable bootstrapping of TFHE in Concrete, that achieves at least a 10x factor improvement.
Programmable bootstrapping is an operation that is able to reduce the noise inside a ciphertext and, at the same time, to evaluate a look-up table on the encrypted message.

Security and noise

The security level of the solution has to be at least 128 bits, strictly under the GLWE problem;
The error probability for the chosen parameter set should be at worse $2^{-40}$
The noise of the output ciphertext has to be such that at least 3 bits between the message and the noise are empty.

Performances and comparison with the state of the art

The new programmable bootstrapping must be able to bootstrap correctly a polynomial message with 4-bit coefficients, encrypted as one GLWE ciphertext, and provide in output a GLWE ciphertext encrypted under the same secret key;
The public key material (bootstrapping keys, key switching keys, ...) has to remain below 1GB in total;
The speed up must be proven by experimental results on the same architecture, single-threaded.

Your solution should compare to the following implementation from TFHE-rs:

AWS m6i.metal (Intel(R) Xeon(R) Platinum 8375C CPU @ 2.90GHz)
OS: Ubuntu 22.04

The parameters for a single bootstrapping on this architecture are:

lwe_dimension: LweDimension(742),
glwe_dimension: GlweDimension(1),
polynomial_size: PolynomialSize(2048),
lwe_modular_std_dev: StandardDev(0.000007069849454709433),
glwe_modular_std_dev: StandardDev(0.00000000000000029403601535432533),
pbs_base_log: DecompositionBaseLog(23),
pbs_level: DecompositionLevelCount(1),
ks_level: DecompositionLevelCount(5),
ks_base_log: DecompositionBaseLog(3),
message_modulus: MessageModulus(4),

We use 64-bit integers in the implementation.
The key sizes and timings for a single bootstrapping on this architecture are:

Bootstrapping key: 46.38 MB
Bootstrapping key (Fourier): 92.75 MB
Key swiching key: 58.05 MB
Time per PBS single-thread (no avx512): 21.419 ms
Time per PBS single-thread (avx512): 18.396 ms

Your timings should be for a single pbs on a single thread, non-amortized.

Validity of the solutions proposed

A valid submission contains the following:

A PDF format (using LaTeX) document, describing in detail the solution proposed;
An implementation using TFHE-rs, and instructions to run it;
A set of tests aiming to prove the claim on efficiency and instructions to run them.

Library targeted

TFHE-rs

Bounty type

Expert

Reward

Rewards depends on the speedup achieved:

10-20x: €10,000
21-50x: €50,000
51-99x: €100,000
100x+: €200,000

Submission

Apply directly to this bounty by opening an application here.

Questions?

Do you have a specific question about this bounty? Join the live conversation on the FHE.org discord server here. You can also send us an email at: [email protected]

Write a tutorial for Compare regressors

Winner

See the winning solution here

Overview

Comparison of regressors available in Concrete-ML

Description

Create a tutorial inspired from our https://github.com/zama-ai/concrete-ml/tree/release/0.5.x/docs/advanced_examples/ClassifierComparison.ipynb, but which uses all the regressors we have in Concrete-ML. The goal is to show that, in different situations, the different models may behave better or worse. It should be easy to add new regressors when we add new regressors in Concrete-ML.

We expect from you:

a PR on the public https://github.com/zama-ai/concrete-ml (or a fork of it), with just a few new file, ideally a single Jupyter notebook
a detailed notebook, written in a pedagogical way, with an emphasis in the new section(s), i.e., what makes this notebook different from other notebooks

Library targeted

Bounty type

Reward

Up to €500

Submission

Apply directly to this bounty by opening an application here.

Questions?

Do you have a specific question about this bounty? Join the live conversation on the FHE.org discord server here. You can also send us an email at: [email protected]

Create a FHE ECDSA signature tutorial

Zama Bounty Program Application

Bounty Github Link: #45

Github username: dragan2234

About you: Software engineer with 6+ years of experience interested in cryptography. Already done with Sha2-256 using TFHE-rs. I'm looking for the next project to work on.

Terms and conditions

If your contribution is accepted, we need you to read and sign our Terms and Conditions below to get rewarded:

Add comparison operations

Zama Bounty Program: Proposition

Please give us as much information as possible on the bounty you would like to submit. You can find inspiration from our existing list of bounties here.

Bounty type:

Category:

Overview:

Description:

Library targeted:

Reward:

Related links and reference:

GLWE Programmable Bootstrapping in TFHE

Overview

Programmable bootstrapping a GLWE ciphertext, encrypting a polynomial, in TFHE.

Description

Propose a new technique to do a programmable bootstrapping on a GLWE ciphertext, encrypting a polynomial with 4-bits coefficient messages, in TFHE.
For this challenge, GLWE programmable bootstrapping means that you are able to reduce the noise on all the message coefficients and, at the same time, to evaluate on each of them a look-up table (could be the same for all message coefficients, but preferably a chosen one for each message coefficient).

The solution has to be at least 10x faster than the existing trivial solution, consisting in:

extracting all the coefficients as LWE ciphertexts;
performing separate programmable bootstrapping on each of them;
re-packing them into a single GLWE using packing key-switching.

Security and noise

The security level of the solution has to be at least 128 bits, strictly under the GLWE problem;
The error probability for the chosen parameter set should be at worse $2^{-40}$
The noise of the output ciphertext has to be such that at least 3 bits between the message and the noise are empty.

Performances and comparison with the state of the art

The new programmable bootstrapping must be able to bootstrap correctly a polynomial message with 4-bit coefficients, encrypted as one GLWE ciphertext, and provide in output a GLWE ciphertext encrypted under the same secret key;
The public key material (bootstrapping keys, key switching keys, ...) has to remain below 1GB in total;
The speed up must be proven by experimental results on the same architecture, single-threaded.

Your solution should compare to the following implementation from TFHE-rs:

AWS m6i.metal (Intel(R) Xeon(R) Platinum 8375C CPU @ 2.90GHz)
OS: Ubuntu 22.04

The parameters for a single bootstrapping on this architechture are:

lwe_dimension: LweDimension(742),
glwe_dimension: GlweDimension(1),
polynomial_size: PolynomialSize(2048),
lwe_modular_std_dev: StandardDev(0.000007069849454709433),
glwe_modular_std_dev: StandardDev(0.00000000000000029403601535432533),
pbs_base_log: DecompositionBaseLog(23),
pbs_level: DecompositionLevelCount(1),
ks_level: DecompositionLevelCount(5),
ks_base_log: DecompositionBaseLog(3),
message_modulus: MessageModulus(4),

We use 64-bit integers in the implementation.
The key sizes and timings for a single bootstrapping on this architecture are:

Bootstrapping key: 46.38 MB
Bootstrapping key (Fourier): 92.75 MB
Key swiching key: 58.05 MB
Time per PBS single-thread (no avx512): 21.419 ms
Time per PBS single-thread (avx512): 18.396 ms

You should compare timings by multiplying the above by the number of messages you can bootstrap at the same time.

Potential Approaches

Initial directions could include:

Looking at the steps of the trivial solution (listed above) and attempting to improve their performance individually. For example, improving the re-packing technique.
Following the approach of B/FV and BGV to perform bootstrapping [1,2]. Their approach is to move the coefficients into the slots of the ciphertext to be able to perform the modular reduction or digit extraction (as would be the case for TFHE) procedure needed when performing decryption homomorphically. With the parameters used in TFHE there are no slots. However, this problem could be overcome by bootstrapping slightly more data than the plaintext bits by simply considering the ciphertext to have an artificial plaintext modulus that is larger and of an appropriate form at the loss of some space for the noise growth.

A further problem is that the process of performing modular reduction or digit extraction on the slots requires evaluating relatively large degree polynomials. For B/FV and BGV in which the parameters are very large this is feasible. However, for TFHE we typically have much smaller parameters meaning that switching to use much larger parameters (for the outer ciphertexts) to perform the homomorphic decryption would presumably incur a noticeable slow down relative to the amount of data being bootstrapped.
The techniques of [3] should be applicable to TFHE, but it is unclear if they give any practical improvement. The main challenge seems to be to find a way to replace the internal product used in FHEW [4] with the external product used in TFHE. An orthogonal route to improving the practical performance of [3] could be to find multiplication algorithms for polynomials better suited for evaluation using homomorphic accumulators.

[1] https://eprint.iacr.org/2014/873

[2] https://eprint.iacr.org/2018/067

[3] https://eprint.iacr.org/2018/532

[4] https://eprint.iacr.org/2014/816

Validity of the solutions proposed

A valid submission contains the following:

A PDF format (using LaTeX) document, describing in detail the solution proposed;
An implementation using TFHE-rs, and instructions to run it;
A set of tests aiming to prove the claim on efficiency and instructions to run them.

Library targeted

TFHE-rs

Bounty type

Expert

Reward

€10,000 to €50,000 depending on performance etc.

Questions?

Do you have a specific question about this bounty? Join the live conversation on the FHE.org discord server here. You can also send us an email at: [email protected]

Create a FHE encrypted key-value database example

Winner

This bounty has been solved, see the entire solution here with an interactive demo here.

Overview

Create a FHE key-value database with Concrete-Numpy.

Description

Implement a key-value database where where both keys and values are FHE encrypted.
In particular, the key-value database should be able to:

add a (key, value) entry if the key has not been used already
replace a (key, value) entry if the key has already been used. The data space related to the previous value should be reclaimed from the database
find by key and get only the associated value in database (not a vector of values). The function should return an error flag if no value were found. The time needed to execute the function should be proportional to the size of the database
the implementation of the delete function is not required

The database should accept 32-bit keys

We expect your PR to comply with the following:

Changes required in Concrete Numpy code
Create tests with 100% coverage (hint: make pytest runs without errors)
Make sure pcc checks are passing (hint: make pcc runs without errors)
Create the example app under examples/keyvalue-database/{client,server}.py
Create the tutorial under docs/tutorial/keyvalue-database.md

Library targeted

Concrete-Numpy

Bounty type

Reward

Up to €10,000

Submission

Apply directly to this bounty by opening an application here.

Questions?

Do you have a specific question about this bounty? Join the live conversation on the FHE.org discord server here. You can also send us an email at: [email protected]

Create an application "Play Chess" in FHE

Zama Bounty Program Application

Bounty Github Link: #46

Github username: lryz

About you: I'm currently working on a deep learning project applied to Doppler echocardiography images at my company as my first work. I studied applied mathematics and computer science and was recently looking to develop an FHE-compatible machine learning model in my spare time. I stumbled across this bounty program that matches my current personal work, so why not give it a try!

Terms and conditions

If your contribution is accepted, we need you to read and sign our Terms and Conditions below to get rewarded:

test issue

Zama Bounty Program Application

Bounty Github Link:

Github username:

About you:

Terms and conditions

If your contribution is accepted, we need you to read and sign our Terms and Conditions below to get rewarded:

Create a dark market application tutorial

Winner

See the winning solution here

Overview

Create an FHE implementation of the Dark Market algorithm given in https://eprint.iacr.org/2022/923.

Description

Simple Challenge:

In the above mentioned paper the authors implement a simple volume matching Dark Market algorithm using MPC. See Algorithm 1 on page 12, which implements the matching algorithm for a single item (be it instrument, stock, or whatever). You should interepret the secret sharing symbol in this challenge as equivalent to the FHE encryption of the value x under some private key FHE-Enc(k, x).

The algorithm takes as input N sell orders, and M buy orders, where N and M are known to the algorithm. The sell orders are represented by encrypted sell volumes <s_i> for i=1..N, and the buy orders are represented by encrypted buy orders <b_i>, for i=1...M.

The output [line 19] of the algorithm is the opened buy/sell orders which are transacted, those which are not transacted are set to zero during the algorithm.

For your implementation you should sample the values s_i and b_i from the range [1...100]. With N=M=500 the goal is to reach a performance time of under 20 seconds for the execution of lines 1-18 of the algorithm [i.e. not including the decryption step] for TFHE parameters which offer 128-bit security.

The reason for selecting 20 seconds above is that this is time it took the authors of the above paper to implement the algorithm using an MPC system with 100 parties.

Complex Challenge:

As a more complex challenge we would like the same algorithm implemented but now with multiple instruments, i.e. multiple different items being bought/sold. The item being sold should be identified by a value in the range [1,...,5000]. The item identifier will be also encrypted, thus each sell order will be of the form (<item_i>, <s_i>). In real life there will be a skew to the popularity of which stock is being sold/bought the most, e.g. Microsoft trades more (say) than Lidl.

For this more complex problem we expect N=M=500 distinct orders where the instrument identifiers are selected from a Poisson distribution with parameter lambda = 200, but obviously truncate the distribution so the maximum identifier is 5000. The buy/sell volume amounts should be again in the range [1,...,100]. The goal is to obtain an execution of the matching algorithm in under 30 minutes.

General Requirements:

We expect your PR to comply with the following:

You can use any Zama product to implement the algorithm.
Document any changes you need to make to the underlying products.
Create tests with 100% coverage (For example: make pytest runs without errors)
Create the app tfhe/examples/dark-market.rs
Create the tutorial tfhe/docs/tutorial/dark-market.md

There is no need for the code to verify that the encrypted values are in range, one can assume the encryptors are honest.

Library targeted

Bounty type

Reward

Up to €5,000 [Simple Challenge]
Up to €15,000 [Complex Challenge]

Submission

Apply directly to this bounty by opening an application here.

Questions?

Do you have a specific question about this bounty? Join the live conversation on the FHE.org discord server here. You can also send us an email at: [email protected]

LinearSVC Tutorial

Zama Bounty Program: Proposition

Please give us as much information as possible on the bounty you would like to submit. You can find inspiration from our existing list of bounties here.

Bounty name: LinearSVC Tutorial
Bounty type: easy_bounty
Category: Machine_learning
Overview: Provide a tutorial for working on LinearSVC with Concrete-ML
Description: This tutorial has been submitted and is being reviewed on the fhe-tutorial repository, before the establishment of the shared bounty program
Library targeted: Concrete-ML
Related links and reference: fhe-tutorials #5

Create an application "Play Chess" in FHE with Concrete-ML

Zama Bounty Program Application

Bounty Github Link: #46

Github username: salihfc

About you: I am a final year undergraduate student studying Computer Engineering at Istanbul Technical University.

Terms and conditions

If your contribution is accepted, we need you to read and sign our Terms and Conditions below to get rewarded:

Penalized regression tutorial

Zama Bounty Program: Tutorial Proposition

Bounty name: Penalized regression on concrete-ml
Bounty type: easy_bounty
Category: Machine_learning
Overview: It is a tutorial to teach how to apply Lasso, Ridge, and ElasticNet on concrete-ml from an absolute beginner perspective.
Description: This tutorial provides an introduction to the concept of Fully Homomorphic Encryption (FHE) and how it can be applied to machine learning models. The tutorial walks through the steps to train a model using FHE and compares the results with a traditional machine learning model trained using sklearn. The tutorial also includes suggestions for further experimentation such as comparing performance metrics for different parameter values and using real-world datasets. Additionally, the tutorial highlights the importance of showing timings and including visualizations to help readers better understand the impact of FHE on machine learning models.
Library targeted: Concrete-ML
Related links and reference: the PR to original repo.

Encrypted Matrix inversion

Zama Bounty Program Application

Bounty Github Link:#55

Github username: Lcressot

About you: I did an open bounty and a private one, I already signed the term and conditions

Terms and conditions

If your contribution is accepted, we need you to read and sign our Terms and Conditions below to get rewarded:

Create a tutorial for DecisionTreeRegressor

Create a tutorial for new models with Concrete-ML

Machine Learning

Overview

Create tutorials for various models available in Concrete-ML

Description

Create tutorials for models which do not have tutorials, i.e.:

one tutorial for LinearSVC
one tutorial for LinearSVR
one tutorial for DecisionTreeRegressor

For tutorials bounties, we expect candidates to:

provide a PR on the public https://github.com/zama-ai/concrete-ml (or a fork of it), with just a few new file, ideally a single Jupyter notebook
to have a very detailed notebook, written in a pedagogical way, with an emphasis in the new section(s), i.e., what makes this notebook different from other notebooks

If one needs to modify the library to have the tutorial, it is ok, but then, rules of SW apply as well.

Library targeted

Bounty type

Reward

Up to €500 per tutorial

Submission

Apply directly to this bounty by opening an application here.

Questions?

Do you have a specific question about this bounty? Join the live conversation on the FHE.org discord server here. You can also send us an email at: [email protected]

K-Nearest Neighbors Algorithm

Zama Bounty Program Application

Bounty Github Link: https://github.com/zama-ai/bounty-program/blob/main/Bounties/Machine_Learning/add-k-nearest-neighbors-algorithm.md

Github username: sambux1

I'm about to finish my undergraduate studies at the University of Virginia, and I'll be starting a PhD in cryptography in the fall at Boston University. I have research experience with multiparty computation for machine learning, so I'm familiar with many of the paradigms and constraints of designing algorithms over encrypted data.

Terms and conditions

If your contribution is accepted, we need you to read and sign our Terms and Conditions below to get rewarded:

Create a FHE ECDSA signature tutorial

Winners

🥇 1st place: A submission by Tetration-Lab

Overview

Create a tutorial demonstrating how to generate a ECDSA signature on clear data with an FHE-encrypted private key

Description

The goal of this bounty is to implement the ECDSA signature algorithm, used on the Ethereum blockchain, in FHE.
It uses the curve secp256k1. From an FHE encrypted private key and a clear message, the provided algorithm should
be able to return a signature that (potentially after being decrypted by the FHE private key) can be verified in clear with the EC public key.

This bounty does not expect EC key generation, or Signature validation function.

We expect your PR to comply with the following:

Input size is fixed to 32 bytes
Private Key size is fixed to 32 bytes

Your PR should comply with the following:

Create the script tfhe/examples/secp256k1-signature.rs
Create the tutorial tfhe/docs/tutorial/secp256k1-signature.md

Prizes

🥇 1st place: €10,000
🥈 2nd place: €3,500
🥉 3rd place: €1,500

Rewards are attributed based on code quality and speed performance on the Amazon EC2 M6i instances.

Application

Are you interested to work on this bounty? Apply directly to this bounty by opening an application here.

Questions?

Do you have a specific question about this bounty? Join the live conversation on the FHE.org discord server here. You can also send us an email at: [email protected]

Homomorphic regular expression engine

Zama Bounty Program: Tutorial Proposition

Bounty name: Homomorphic regular expression engine
Bounty type: unknown
Category: Application
Overview: Provide a tutorial on how to write an homomorphic regular expression engine using TFHE-rs
Description: A working homomorphic regular expression engine have been submitted as a draft PR in the fhe-tutorial. We (@irisdv and me) are still working on the tutorial part.
Library targeted: TFHE-rs
Related links and reference: PR in fhe-tutorial repository

Train a deep neural network in FHE that can classify CIFAR10 or ImageNet

Overview

Classification of ImageNet in FHE

Description

Homomorphically train a Resnet or similar neural network to classify CIFAR10 or Imagenet using TFHE.

Assume that the dataset is owned by an entity C, and is encrypted with a single secret key K only known to C. The training is done by an independent entity S, which outputs a model whose weights are also encrypted by the same key K. The key K is obviously not known by the entity S, but only by C.

This means:

the training dataset is encrypted with a single secret key K
the model fits well, i.e., it has an top1 accuracy of at least 0.65 for Imagenet or 0.75 for CIFAR10
the model will have weights which are encrypted with the secret key
after the training:
- to check the model accuracy on the test set: the model weights are decrypted by C with her private key K, and then the inferences can be done over clear test set
- to use the encrypted model directly on the server S, entity C can encrypt a fresh data with her secret key K and send it to server S, which can run the encrypted inference

In term of machine learning, any technique (in term of quantization, ML model, etc) is acceptable.

In term of deliverables, we expect:

a script to setup everything, including the key generation
a script to launch the training
a script to launch the inferences, once the training is done: possibly, the inferences may be done on the server with the encrypted model, or may be done after final decryption of the trained model with the secret key
a complete documentation explaining the approach you took to realize this task, and how we can reproduce your results; if your solution use cryptographic constructions or protocols which are not already used in Zama, we also need complete explanations including proof of securities

Library targeted

Bounty type

Moonshot bounty

Reward

Up to €50,000 for a CIFAR10 classifier
Up to €100,000 for an Imagenet classifier

Submission

Apply directly to this bounty by opening an application here.

Questions?

Do you have a specific question about this bounty? Join the live conversation on the FHE.org discord server here. You can also send us an email at: [email protected]

Create a FHE ECDSA signature tutorial

Zama Bounty Program Application

Bounty Github Link: #45

Github username: @yoyoismee @y-pakorn from @Tetration-Lab

this is our first attempt at zama bounty program
we working on confidential computing. we testing out a few tech like MPC and HFE. this took us to zama and this program. :)

Terms and conditions

If your contribution is accepted, we need you to read and sign our Terms and Conditions below to get rewarded:

Iris Identification with FHE

Zama Bounty Program: Application for Iris Identification

Please give us as much information as possible on the bounty you would like to submit. You can find inspiration from our existing list of bounties here.

Bounty name: iris_identification_app
Bounty type: major_bounty
Category: Application
Library targeted: concrete-python
Reward:
Overview: Develop an HE-based iris identification application tutorial with Concrete Python
Description:

The bounty objective is to:

use Concrete Python to implement a single key TFHE-based BTP for an access control system
all reference templates are stored encrypted in a database on the server

The client:

collects the iris biometric (format should be the same as OSIRIS v4.1)
extracts the feature vector
encrypt it
and send it to the server

Then the server:

perform the comparison against its database
send an encrypted matching ID back to client
a no match encrypted message is returned if no matching template is found
the system will need to have an Equal Error Rate (EER) of 0.1%
the OSIRIS v4.1 database will be used to compute the error rates

Your PR should comply with the following:

Create the app examples/iris-identification/{client,server}.py
Create the tutorial docs/tutorial/iris-identification.{md,ipynb}

Related links and reference:

Create a FHE ECDSA signature tutorial

Zama Bounty Program Application

Bounty Github Link: #45

Github username: github.com/georgio

About you: I'm a researcher, and I heard about the bounty from your announcements on social media. It's my first contribution to such a program.

Terms and conditions

If your contribution is accepted, we need you to read and sign our Terms and Conditions below to get rewarded:

Create a homomorphic regex engine and write a tutorial about it

Winner

See the winning solution here

Overview

Create a homomorphic regular expression engine that operate on encrypted bytes of an ASCII string and write a tutorial about it.

Description

Your implementation should support following regular expression features:

Contains matching
- /abc/ should only match with strings containing abc (e.g., abc, 123abc, abc123, 123abc456)
Start matching
- /^abc/ should only match strings starting with abc (e.g., abc, abc123)
End matching
- /abc$/ should only match strings ending with abc (e.g., abc, 123abc)
Exact matching
- /^abc$/ should only match the string abc
Case-insensitive matching
- /^abc$/i should only match with abc, Abc, aBc, abC, ABc, aBC, AbC, ABC
Optional matching
- /^ab?c$/ should only match with abc, ac
Zero or more matching
- /^ab*c$/ should only match with ac, abc, abbc, abbbc and so on
One or more matching
- /^ab+c$/ should only match with abc, abbc, abbbc and so on
Numbered matching
- /^ab{2}c$/ should only match with abbc
- /^ab{3,}c$/ should only match with abbbc, abbbbc, abbbbbc and so on
- /^ab{2,4}c$/ should only match with abbc, abbbc, abbbbc
Alternative matching
- /^ab|cd$/ should only match with ab and cd
Any character matching
- /^.$/ should only match with a, b, A, B, ? and so on
Character range matching
- /^[abc]$/ should only match with a, b and c
- /^[a-d]$/ should only match with a, b, c and d
Character range not matching
- /^[^abc]$/ should only not match with a, b and c
- /^[^a-d]$/ should only not match with a, b, c and d
Escaping special characters
- /^\.$/ should only match with .
- /^\*$/ should only match with *
- Same for all special characters used above (e.g., [, ], $ and so on)
And any combination of the features above!

Your implementation should comply with the following:

You are only expected to write boolean match logic, no need to determine match location or matched substring
You can use external dependencies
You should detect non ASCII bytes and raise/return appropriate error
Text must be encrypted but the regular expression could be clear or encrypted (see Reward)

Your PR should comply with the following:

Create the script tfhe/examples/regex-engine.rs
Create the tutorial tfhe/docs/tutorial/regex-engine.md

Library targeted

TFHE-rs

Bounty type

Reward

up to €10,000 for encrypted input and plaintext regex (depending on performance)
an additional €5,000 for both encrypted input and encrypted regex (depending on performance)

Submission

Apply directly to this bounty by opening an application here.

Questions?

Do you have a specific question about this bounty? Join the live conversation on the FHE.org discord server here. You can also send us an email at: [email protected]

Create an application "Play Chess" in FHE

Zama Bounty Program Application

Bounty Github Link:

Github username:

About you:

Terms and conditions

If your contribution is accepted, we need you to read and sign our Terms and Conditions below to get rewarded:

Create an encrypted travel routing demo application

Zama Bounty Program Proposal : Travel Routing

Bounty name: Travel Routing
Bounty type: major_bounty
Category: Application
Library targeted: Concrete
Reward: 5K-10K depending on included components.
Overview: We propose to showcase how Zama's homomorphic encryption could be used to create a travel routing service that preserves localisation's privacy through a combination of tutorials/posts/demo-app.

Description:

Introduction

Geolocalisation is sensitive personal data that can easily be used to identify and deduce further information about oneself such as home address, work, favourite foods, hobbies, and more.
Nonetheless, almost all of us use some form of maps on smartphones to compute best itinerairies when traveling.
We thus accept to send our localisation to an external party who could potentially use it for other purposes.

We propose in this tutorial to showcase how Zama's homomorphic encryption could be used to preserve our localisation's privacy while still offering an itinerary computation service.
In this scenario, the server does not learn anything about a client's position at anytime as it sees only encrypted data.

Deliverables

The solution would be a demo client/server app which would demonstrate the feasability of the usecase, together with explanations of the methods and choices made along the way.
Concretely, the deliverables could include:

Extended gist or series of posts on the project
Code and data for both client and server
Demo App (optional)

Roadmap

Part 1: Algorithm

The first phase of the project consists in exploring the feasability of using tfhe for some shortest path algorithm.
Benchmarks will permit to understand what size of a task is computationnally reasonable today.
This will influence how to setup pre-indexing vs caching in order to accelerate computations over time.
Possible algorithms include Djikstra, Bellman-Ford, A*, and many others.

Part 2 : Client-Server

In a second time, we will now code the usecase. The solution we envision is in the lines of:

Client registers a sessions by sending the encrypted map of a region to the server.
(Optional) Server pre-indexes the database.
Client sends an encrypted origin and destination in the region.
Server computes the shortest path using an algorithm from phase 1.
(Optional) Server caches intermediate results
Client decyphers the result.

Part 3 : Tutorials and Demo

Write a gist about the app, what problems were encountered and how they were solved/avoided.
Optionnally, build a demo app that allows a user to select an origin and destination on a map and obtain the shortest path.
A panel will show the messages that are transmitted encrypted to the server, with their decrypted variants client-side.

Potential Difficulties

Homomorphic encryption is computationally intensive and noisy. This project tries to go to the limit of what is possible today, but there are risks involved:

Size of a realistic map is too large:
- on the one hand, we explore graph algorithms in tfhe regardless of the nature of the graph, and we thus can deliver results for at least small graphs.
- Furthermore, there are solutions to either pre-compute indexes or use caching mechanisms to decrease considerably the computation done on the fly.
- Finally, we can accept a higher level of noise in the distance computations.
Shortest path algorithm is not tfhe friendly:
- This is part of the challenge of the usecase, nonetheless we have many different algorithms to choose from.
- Algorithms can often be written as array operations and thus make use of concrete.
  This might incur some overheads, but at least we could have a first solution fairly quickly.
  Optimisations can then follow if needed.

Macro Sizing (Estimated)

Part 1 : 6-10 days
Part 2 : 4-6 days
Part 3 : 4-6 days

Regressors Comparison Tutorial

Zama Bounty Program: Proposition

Please give us as much information as possible on the bounty you would like to submit. You can find inspiration from our existing list of bounties here.

Bounty name: Regressors Comparison Tutorial
Bounty type: easy_bounty
Category: Machine_learning
Overview: Provide a tutorial for working on different regressor models with Concrete-ML.
Description: Tutorial of all the regressors available in Concrete-ML (Regressor version of https://github.com/zama-ai/concrete-ml/tree/release/0.5.x/docs/advanced_examples/ClassifierComparison.ipynb). This tutorial has been submitted and is being reviewed on the fhe-tutorial repository, before the establishment of the shared bounty program.
Library targeted: Concrete-ML
Related links and reference: The PR original repo and the tutorial original description.

Create a SHA256 tutorial

Winners

See the two winning solutions here and here

Overview

Create a tutorial demonstrating how to develop a homomorphic SHA256 function

Description

Create an FHE program that computes the SHA-256 value over an encrypted input.
Turn it into a tutorial for the documentation, highlighting the process of turning a regular
program into its FHE equivalent. Input text could be fixed-length for Concrete Numpy solution,
while it should be any length for TFHE-rs solution.

Here is a python example of code you could start from:

import hashlib

import concrete.numpy as cnp
import numpy as np

text = (
    b"Lorem ipsum dolor sit amet, consectetur adipiscing elit. "
    b"Curabitur bibendum, urna eu bibendum egestas, neque augue eleifend odio, et sagittis viverra."
)
assert len(text) == 150

hasher = hashlib.sha256()
hasher.update(text)

sample_input = list(text)
expected_output = list(hasher.digest())

def sha256(data):
    # TODO: implement this function
    pass

compiler = cnp.Compiler(sha256, {"data": "encrypted"})
circuit = compiler.compile(
    inputset=[
        np.random.randint(0, 2 ** 8, size=(150,))
        for _ in range(100)
    ],
    configuration=cnp.Configuration(
        enable_unsafe_features=True,
        use_insecure_key_cache=True,
        insecure_key_cache_location=".keys",
    ),
    verbose=True,
)

We expect your PR to comply with the following:

For Concrete Numpy:
- Input size is fixed to 150 bytes
- Create the app examples/sha256.py
- Create the tutorial docs/tutorial/sha256.{md,ipynb}
For TFHE-rs:
- Input size is not fixed
- Create the app tfhe/examples/sha256.rs
- Create the tutorial tfhe/docs/tutorial/sha256.md

Library targeted

Bounty type

Reward

Up to €7,500

Submission

Apply directly to this bounty by opening an application here.

Questions?

Do you have a specific question about this bounty? Join the live conversation on the FHE.org discord server here. You can also send us an email at: [email protected]

Create an application "Play Chess" in FHE

Zama Bounty Program Application

Bounty Github Link: #46

Github username: Bloemenstraat

About you: I am a mechatronics engineer with a passion for machine learning. I worked 3 years as a fullstack developer before obtaining my master's degree. I stumbled upon Zama during my search for new and innovative ML frameworks. This is my first contribution to a bounty.

Terms and conditions

If your contribution is accepted, we need you to read and sign our Terms and Conditions below to get rewarded:

Credit Scoring

Zama Bounty Program: Credit Scoring

Please give us as much information as possible on the bounty you would like to submit. You can find inspiration from our existing list of bounties here.

Bounty name: Credit Scoring
Bounty type: major_bounty
Category: Application
Overview: We propose to showcase in a real world application on credit scoring how Zama's technology can help address the privacy issues related to exposing sensitive personal information. We propose :
- from the modelling perspective, to start from an existing dataset and model
- from the user experience perspective, to package the whole thing and deploy a server and a frontend client
Library targeted: Concrete-ML
Reward: 13500$ if planned as described by macro sizing

Description

Credit Scoring

A credit score is a numerical expression based on a level analysis of a person's credit files, to represent the creditworthiness of an individual. A credit score is primarily based on a credit report, information typically sourced from credit bureaus. — Wikipedia

Introductory Brief

Credit scoring has always traditionally been reserved to banking institutions and their likes, to assess their customers likelihood to repay their credit — or to decide whether to grant a credit to a potential customer.

Users are lacking a way to assess themselves their credit score, as doing so would require them to submit their private, sensitive credit data to a third party service. This concern over the user data privacy opens a great use-case for FHE : it allows a machine-learning model to be built and to assess user credit scores, without compromising the user banking data, nor their actual credit score.

As such, this projects aims to provide a concrete, useable application that assess users credit scores, while respecting their data privacy.

Application goals

This application has 2 main goals: provide a hands-on approach to Zama FHE and showcase the working of their encryption in a more user-friendly way

Provide a hands-on experience to users

FHE is a difficult concept to grasp. Non-technical users fail to understand how it works — or how it can work, and more technical ones doubt there can be an actual working implementation beyond just a technical proof. This credit-score app is a pretext to deliver an interactive experience over FHE. As such the focus will be put on showcasing a FHE encryption rather than building a full-fledged user credit-score app (e.g. no business-model, no “premium” features…). Nonetheless the model, results and overall behaviour should be immersive enough so the users can understand that FHE is no longer a theoretical concept: FHE is ready to reshape our concept of data privacy.

Encryption showcase

The main goal of FHE applied to machine-learning is to enforce the user data privacy. Ingenuous users will probably miss the difference between FHE and HTTPS, or fail to grasp how the data privacy can be preserved server-side. This application should help non-technical users to understand the preservation of the privacy of their data.

Our take is an ingenuous user needs 2 things in order to accept a change of paradigm (in our case a new form of data privacy behaviour): a representation he can grasp, and the existence of a proof

Visual representation of the encrypted data

A first step is to show the user a visual representation of its plain submitted data, how it presents a risk for its privacy (i.e. banking/judicial data), and how readable it is. Then show him how the same data is unreadable when encrypted so the user can visualize for himself that his data is protected.

Converting the user data to base64 or showing the HTTPS encrypted messages would provide the same sense of security, although not enforcing data privacy by any mean - so this step helps to build trust through a visual medium but does not prove it.

Proof that encrypted data is unreadable by the server

Stating that the data cannot be decrypted by the server is insufficient to build trust. After helping the user visualise its data is “unreadable” the next step is to provide a technical proof in a user-friendly format (e.g. Zama documentation), which can be one of the delivery items.

It is outside the scope of this application to deliver this technical proof as Zama core team is by far the best suited to deliver this (and probably has it already, under the form of a white paper or the likes). We should focus only on referencing it for the more technical user, and providing links to any work that assess it.

Missions

The tasks are grouped in 3 categories:

Machine Learning, which covers everything related to setting up the model,
Web Application, which covers the development of the user interface,
Deployment, which covers the application delivery.

Several deliverables will be produced:

The main application (client and server), deployed and publicly accessible,
The source code, over a public git repository,
Notebooks, showcasing the inner workings of the model,
Markdown writings, which can be exploited as documentation or blog post materials.

The tasks will be converted into Github issues and the deliverables will be converted into Github milestones to help tracking the project development progress.

Maching Learning

Setup the ML project

Setup a machine-learning project that allows to operate credit-scoring on behalf of users. The goal here is not to develop a performant model from scratch but rather to find inspiration on existing models and quickly bootstrap a working model that is compliant with FHE model specific needs.

As to date of 06/04/2023, the main source of inspiration (models + data) is the following Kaggle competition: https://www.kaggle.com/competitions/GiveMeSomeCredit/overview

An emphasis will be put on ensuring the selected Kaggle model works and scales well with its Concrete-ML counterpart

Task	Setup a credit scoring machine-learning model
Deliverable	A notebook sumarizing the model, why it was selected and how it should be configured
Macro Sizing	4 days

Build the Concrete-ML equivalent

Task	Convert the model from the previous step into its FHE equivalent with Concrete-ML
Deliverable	A notebook sumarizing the steps of turning the development steps and showcasing a python script that can be later used for the model deployment
Macro Sizing	5 days

Performance Benchmarking

Analyse the performance between a base ML Model (e.g. scikit-learn implementation) and the built Concrete-ML counterparts. Analyse performance in terms of train/compilation time as well as prediction. The goal here is to show the difference in performance (which we foresee to be very large) but also to emphasise that this “drop” in perf is not so much of a concern at the user level as the execution time remains acceptable.

Task	Analyse the model performance
Deliverable	A written analyse (markdown) of the FHE model performances
Macro Sizing	3 days

Web Application

Core application

Build a web app that allows users to submit their banking data over a simple form and display a credit score result. The application should provide the following pages:

A main page with a submission form
A summary page that displays the user credit score

The emphasis will be put on having a quickly working example, rather than spending time on complex UX/UI. The app structure will allow to later add other functionalities.

The data will be mocked (interfacing the web app with the model will be done in a later stage, once the model is deployed).

Task	Build a single-page web application for interacting with a credit-scoring distant model.
Deliverable	A functional web app which works with mock data.
Macro Sizing	4 days

Visual representation of encryption

Add an intermediary step in the submission form, demonstrating to the user his data is encrypted before being sent to the server. This should be done by replacing the form “send” button to an “Encrypt” button, which redirects him to a page which demonstrates the data is encrypted. As stated in the Application Goals section, building trust at this stage is limited to showing the encrypted data. The interface will also provide links to Zama most adapted “proof” content.

If Zama has any simple visual means (e.g. infography, diagrams…) this can be included in the page.

The page will also provide a “Send to server” button to resume the flow.

Task	Add an intermediary encryption page
Deliverable	The updated web app with mock data.
Macro Sizing	1 day

Encryption with TFHE-rs

Replace the mock implementation of the encryption on the encryption page with the Wasm THFE-rs implementation. Depending on the encrypted data displayability (Binary?), the encrypted data visualizer might have to be adjusted (scroll, only first bits, etc…)

Task	Implement the encryption with the WASM API
Deliverable	The updated web app with working encryption.
Macro Sizing	3 days (depending on how the ease of using the WASM API)

Interfacing with the server

Once the server has been deployed, interface its API so that the web client effectively sends the user encrypted data and obtains results.

Build a mirror page of the previous client encryption, display the encrypted response data received from the server, and provide a “decrypt” button in the client interface. Once the data is decrypted redirect the user to the summary page which displays its credit score.

Task	Interface the client with the server
Deliverable	The updated web app.
Macro Sizing	2 days

Deployment

Setup the production deployment

Follow the production deployment, as described in the documentation. Depending on the practicability, we foresee the following:

a script that builds the model and produce de production artifacts (client.zip, server.zip and serialized_processing.json),
a small HTTP API to interact with the production model,
a CI script (Github Actions) with Docker to automate the workflow.

These steps require some more info and will be split into more specific tasks once the complete workflow is determined.

Task	Setup the production deployment
Deliverable	The source code and a production deployment.
Macro Sizing	5 days

Co-written with @robinstraub

FHE Compression

Zama Bounty Program: FHE Compression

Bounty type:

major_bounty

Category:

Engineering + Research

Overview:

Implementation and integration of FHE Compression for LWE ciphertexts into TFHE-rs

Description:

We implement the compression technique that was proposed in this paper. Using this technique, LWE ciphertexts are converted into ciphertexts of an additive scheme, such as Paillier. This will result in a significant size reduction. The server performs compression before it sends the ciphertexts to the client. The client performs a modified decryption to obtain the correct plaintext result. To enable this, we generate a compression key for the server, and a modified decryption key for the client.
Compression is possible for both a single LWE ciphertext, and a vector of LWE ciphertexts.

We will use the appropriate additive encryption scheme to achieve maximum compression. One potential library which implements Paillier in Rust is rust-paillier but we will use the library which provides the best performance.

In the final product, a user should be able to run the following code, where compression happens on the server, and a modified decryption is done by the client.

use tfhe::boolean::prelude::*;

fn main() {
    // We generate a set of client/server keys, using the default parameters:
    // We add a parameter specifying whether the server should be able to compress or not
    // in which case, the compression key will be included in the server_key, and the 
    // modified decryption key will be included in the client_key
    let compress = true;
    let (client_key, server_key) = gen_keys(compress);

    // We use the client secret key to encrypt two messages:
    let ct_1 = client_key.encrypt(true);
    let ct_2 = client_key.encrypt(false);

    // We use the server public key to execute some operations:
    let ct_3 = server_key.nand(&ct_1, &ct_2);
    let ct_4 = server_key.nand(&ct_2, &ct_3);

    // The server compresses the ciphertext using the server_key
    let ct_3_compressed = server_key.compress(&ct_3);

    // We use the client_key to perform a modified decryption of the output
    let output = client_key.decrypt_modified(&ct_3_compressed);

    // The server can also compress a vector of ciphertexts into the same additive ciphertext
    let ct_vec = vec![&ct_3, &ct_4];
    let ct_vec_compressed = server_key.compress_batched(&ct_vec);

    // We use the client_key to perform a modified decryption of the output
    let output_vec = client_key.decrypt_batched_modified(&ct_vec_compressed);

}

Library targeted:

TFHE-rs

Reward:

16000 Euros

Overview

Matrix inversion is a mathematical operation that is vital for many use-cases: numerical optimization, solving systems of equations, learning regression models, principal-component analysis. In this bounty we would like you to implement an algorithm for inverting encrypted matrices using Concrete-Python.

Description

Many algorithms exist for matrix inversion but they require modification when applied to FHE. For example, you will need to handle convergence criteria which are not directly translatable to FHE circuits but also to introduce quantization in the inversion algorithm.

Implementation guide

We expect the algorithm to produce results with a high level of correctness for matrices that have a realistic dynamic range (i.e. the values in the matrix have similar range and can be quantized to 8-10 bits). Solutions that do not produce sufficient correctness will be rejected. The rankings of the bounty submissions will be based on the speed of the solutions and we recommend that you use tensorized TLUs (applying TLUs on tensors instead of single scalars) as much as possible.

Your should start from this template:

import time
from typing import Tuple

import numpy as np
from concrete import fhe

def invert_matrix(x):
    return x

class EncryptedMatrixInversion:
    shape: Tuple[int, int]
    circuit: fhe.Circuit

    def __init__(self, n, sampler):
        self.shape = (n, n)

        inputset = [sampler() for _ in range(100)]
        for sample in inputset:
            assert isinstance(sample, np.ndarray)
            assert np.issubdtype(sample.dtype, np.floating)
            assert sample.shape == self.shape

        quantized_inputset = [self.quantize(sample) for sample in inputset]
        for quantized_sample in quantized_inputset:
            assert isinstance(quantized_sample, np.ndarray)
            assert np.issubdtype(quantized_sample.dtype, np.integer)
            assert quantized_sample.shape == self.shape

        compiler = fhe.Compiler(invert_matrix, {"x": "encrypted"})
        self.circuit = compiler.compile(quantized_inputset)

    def quantize(self, matrix: np.ndarray) -> np.ndarray:
        return matrix.astype(np.int32)

    def encrypt(self, quantized_matrix: np.ndarray) -> fhe.PublicArguments:
        return self.circuit.encrypt(quantized_matrix)

    def evaluate(self, encrypted_quantized_matrix: fhe.PublicArguments) -> fhe.PublicResult:
        return self.circuit.run(encrypted_quantized_matrix)

    def decrypt(self, encrypted_quantized_inverted_matrix: fhe.PublicResult) -> np.ndarray:
        return self.circuit.decrypt(encrypted_quantized_inverted_matrix)

    def dequantize(self, quantized_inverted_matrix: np.ndarray) -> np.ndarray:
        return quantized_inverted_matrix.astype(np.float32)

    def run(self, matrix: np.ndarray) -> np.ndarray:
        assert np.issubdtype(matrix.dtype, np.floating)
        assert matrix.shape == self.shape

        quantized_matrix = self.quantize(matrix)
        encrypted_quantized_matrix = self.encrypt(quantized_matrix)
        encrypted_quantized_inverted_matrix = self.evaluate(encrypted_quantized_matrix)
        quantized_inverted_matrix = self.decrypt(encrypted_quantized_inverted_matrix)
        inverted_matrix = self.dequantize(quantized_inverted_matrix)

        assert np.issubdtype(inverted_matrix.dtype, np.floating)
        assert inverted_matrix.shape == self.shape

        return inverted_matrix


normal_sampler = ("Normal", lambda: np.random.randn(n, n) * 100)
uniform_sampler = ("Uniform", lambda: np.random.uniform(0, 100, (n, n)))

for name, sampler in {normal_sampler, uniform_sampler}:
    for n in {3, 5, 10}:
        print()

        title = f"Sampler={name}, N={n}"
        print(title)
        print("-" * len(title))

        print(f"Compiling...")
        start = time.time()
        encrypted_matrix_inversion = EncryptedMatrixInversion(n, sampler)
        end = time.time()
        print(f"(took {end - start:.3f} seconds)")

        print()

        print(f"Generating Keys...")
        start = time.time()
        encrypted_matrix_inversion.circuit.keygen()
        end = time.time()
        print(f"(took {end - start:.3f} seconds)")

        print()

        sample_input = sampler()
        expected_output = np.linalg.inv(sample_input)

        print(f"Running...")
        start = time.time()
        actual_output = encrypted_matrix_inversion.run(sample_input)
        end = time.time()
        print(f"(took {end - start:.3f} seconds)")

        print()

        error = np.abs(expected_output - actual_output)

        print(f"Average Error: {np.mean(error):.6f}")
        print(f"    Max Error: {np.max(error):.6f}")
        print(f"    Min Error: {np.min(error):.6f}")
        print(f"  Total Error: {np.sum(error):.6f}")
        
        print()

Your main goal is to minimize errors and make running as performant as possible. Here are a few tips that might be useful:

You should implement invert_matrix function.
You are free to change the function signature to include additional information (e.g., quantization parameters)
If you do that, don't forget to change compilation from fhe.Compiler(invert_matrix, {"x": "encrypted"}) to fhe.Compiler(lambda x: invert_matrix(x, additional, arguments, ...), {"x": "encrypted"})
You are also free to change any other function signature and implementation (e.g., add more parameters to init such as quantization bit-width target)
The only part that you can't change is this:

sample_input = sampler()
expected_output = np.linalg.inv(sample_input)

print(f"Running...")
start = time.time()
actual_output = encrypted_matrix_inversion.run(sample_input)
end = time.time()
print(f"(took {end - start:.3f} seconds)")

print()

error = np.abs(expected_output - actual_output)

print(f"Average Error: {np.mean(error):.6f}")
print(f"    Max Error: {np.max(error):.6f}")
print(f"    Min Error: {np.min(error):.6f}")
print(f"  Total Error: {np.sum(error):.6f}")

print()

Reward

🥇 1st place: €10,000
🥈 2nd place: €3,500
🥉 3rd place: €1,500

Rewards are attributed based on speed performance on the Amazon EC2 M6i instances.

Submission

Apply directly to this bounty by opening an application here.

Questions?

Do you have a specific question about this bounty? Join the live conversation on the FHE.org discord server here. You can also send us an email at: [email protected]

DecisionTree Regression Tutorial

Zama Bounty Program: DecisionTree Regression Tutorial

Bounty name: DecisionTreeRegressor Tutorial
Bounty type: easy_bounty
Category: Machine_learning
Overview: Create a tutorial that showcases the use of DecisionTreeRegressor from concrete-ml.
Description: The tutorial should show how Zama's concrete-ml can help with privacy-preserving inference for decision tree regression, emphasizing the workflow and differences with usual scikit-learn workflow.
Library targeted: Concrete-ML
Reward: $750
Related links and reference: https://github.com/zama-ai/fhe-tutorials/pull/8

Create a tutorial for Linear SVR

Create a tutorial for new models with Concrete-ML

Machine Learning

Overview

Create tutorials for various models available in Concrete-ML

Description

Create tutorials for models which do not have tutorials, i.e.:

one tutorial for LinearSVC
one tutorial for LinearSVR
one tutorial for DecisionTreeRegressor

For tutorials bounties, we expect candidates to:

provide a PR on the public https://github.com/zama-ai/concrete-ml (or a fork of it), with just a few new file, ideally a single Jupyter notebook
to have a very detailed notebook, written in a pedagogical way, with an emphasis in the new section(s), i.e., what makes this notebook different from other notebooks

If one needs to modify the library to have the tutorial, it is ok, but then, rules of SW apply as well.

Library targeted

Bounty type